matmat 1 Posted ...

This is written in the WireGuard privacy FAQ: "The different issue here is that WireGuard keeps this data even if the session is closed. In AirVPN servers, if no handshake has occurred within 180 seconds, the peer is removed and reapplied. Doing so removes the real IP address from server memory."

Can someone from staff please explain in a bit more detail what this means? I would read this as WireGuard removing the road warrior peer after 180 s. In that case, those 3 min are the only time where privacy is of concern. So why is it a privacy issue, and why is it said that the client IP is permanently visible on the server if the peer is removed after 3 min? What does the 'reapplied' actually mean? And how is it actually done?

Thanks
Staff 9972 Posted ...

@matmat

Hello!

WireGuard doesn't ever remove the public IP address of the peer. It must be done by a specific non-WireGuard task which does it for each session that had no handshake in any given 180 s timeframe. Therefore, this important WireGuard problem is greatly mitigated because the public IP addresses of the peers will not remain forever on the VPN servers (which is a grave privacy concern), but only for 3 minutes after a disconnection.

"Reapplied" is just a glitch in the description, you can ignore it.

Just use OpenVPN if this mitigation is not enough for your needs or threat model.

Kind regards
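An added illustration of the kind of non-WireGuard task described in the post above (not AirVPN's code and not part of the thread): this shell function reads `wg show <iface> dump` output and prints the `wg set` commands that remove each peer with no handshake in the last 180 s and re-add it without an endpoint. The function names, `wg0`, and the sample keys and addresses are constructed; it assumes every peer has allowed-ips and no preshared key.

```shell
#!/bin/sh
# Added example, not from the thread. Peer lines of `wg show <iface> dump` are
# tab-separated: public-key, preshared-key, endpoint, allowed-ips,
# latest-handshake (epoch seconds, 0 = never), transfer-rx, transfer-tx, keepalive.

STALE_AFTER=180   # seconds, the figure quoted in the thread

# stale_peer_cmds IFACE NOW
# Reads a dump on stdin and prints a remove/re-add pair for every stale peer.
# Removing the peer discards the endpoint held for it; the re-added peer has
# no endpoint until its next handshake.
stale_peer_cmds() {
    awk -F '\t' -v iface="$1" -v now="$2" -v max="$STALE_AFTER" '
        NR == 1 { next }               # first line describes the interface itself
        NF < 8 { next }                # not a peer line
        $3 == "(none)" { next }        # no endpoint stored, nothing to clear
        (now - $5) <= max { next }     # recent handshake: session still live
        {
            printf "wg set %s peer %s remove\n", iface, $1
            printf "wg set %s peer %s allowed-ips %s\n", iface, $1, $4
        }
    '
}

# Constructed sample dump: placeholder keys, documentation-range addresses.
sample_dump() {
    printf 'PRIVKEY\tPUBKEY\t51820\toff\n'
    printf 'PEER_A\t(none)\t203.0.113.7:40000\t10.0.0.2/32\t1000\t10\t20\toff\n'
    printf 'PEER_B\t(none)\t198.51.100.9:5555\t10.0.0.3/32\t1190\t1\t2\toff\n'
    printf 'PEER_C\t(none)\t(none)\t10.0.0.4/32\t0\t0\t0\toff\n'
}

# On a server this would run periodically as root, for example:
#   wg show wg0 dump | stale_peer_cmds wg0 "$(date +%s)" | sh
```

With the sample dump and a clock value of 1200, only PEER_A (last handshake 200 s earlier) is selected; PEER_B is still live and PEER_C has no stored endpoint.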
matmat 1 Posted ...

Thanks for the answer. Maybe this can be incorporated into the FAQ.

So basically you have a separate job/script/service that removes the peer and with it the records of a connection? This sounds great for WireGuard.

And also, with that removal of the peer, you drop all the info about the client, like data volume etc.? Basically, after 3 min, even you (as in AirVPN) shouldn't know if a WireGuard connection was ever used for a specific account.

Is there a different logging policy applied for WireGuard compared to OpenVPN?

Thanks